On 23/11/15 15:57, Peter Bowen wrote:
I realize that Mozilla carved out allowance for not disclosing, but
the CA/Browser Forum did not adopt this, instead only exempting
technically constrained CAs from the audit requirement. Maybe this is
a place where the Mozilla policy can aligned with the BRs.
Are you referring to section 3.2.6 of the BRs?
~~
3.2.6. Criteria for Interoperation or Certification
The CA SHALL disclose all Cross Certificates that identify the CA as the
Subject, provided that the CA arranged
for or accepted the establishment of the trust relationship (i.e. the
Cross Certificate at issue).
~~
Or were you referring to something else?
From BR Definitions:
Cross Certificate: A certificate that is used to establish a trust
relationship between two Root CAs.
Root CA: The top level Certification Authority whose Root Certificate is
distributed by Application Software
Suppliers and that issues Subordinate CA Certificates.
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
